English | Deutsch
Home »

Change History of Gpg4win

Please note that old releases still contain meanwhile fixed security issues.

Version 4.4.0 released 2024-11-27

  • File encryption/decryption and signing/verification:
  • Kleopatra: Encryption and decryption of large files is much faster. [T6351]
  • Kleopatra: It is now possible to change the name of a decrypted file if another file with the same name already exists. [T6851]
  • Kleopatra: Files can be signed with multiple signatures. [T6867, T7273]
  • Kleopatra: All valid user IDs are listed for signing and encryption. This simplifies using certificates with multiple user IDs. [T7183]
  • Kleopatra: An easier to understand message is shown if a file could not be decrypted because it wasn't encrypted for one of the user's certificates. [T7295]
  • Kleopatra: An icon for folder encryption was added. [T6984]
  • Certificate management:
  • Kleopatra: Certificates can be updated directly from the certificate list. [T6739]
  • Kleopatra: Additional subkeys can be added to existing certificates. [T6877]
  • Kleopatra: ADSKs can be added to existing certificates. [T6879]
  • Kleopatra: Look and feel of the certificate details view has been improved. [T7019, T6924, T6959, T7128, T7227, T7229, T7237, T7250, T7258]
  • Kleopatra: Changing the validity of subkeys has been improved. [T6878, T7198]
  • Kleopatra: Algorithm and keygrip can be displayed in the certificate list. [T6957]
  • Kleopatra: Generating a new OpenPGP certificate has been simplified by removing some options. [T6998]
  • Kleopatra: The confirmation window that is shown when deleting a certificate was simplified. [T7043]
  • Kleopatra: The workflow for revoking a certificate has been improved. [T7076, T7078]
  • Kleopatra: Certificates can be disabled if one doesn't want to use them for encryption or signing but still wants to keep them available. [T7089, T7217, T7234, T7296]
  • Kleopatra: In the certificate details window the origin of user-IDs can be displayed. [T7096]
  • Kleopatra: The password protecting a subkey can be changed even if the primary secret key is not available (offline key). [T7104]
  • Kleopatra: The name of the column displaying the status of certificates (e.g. certified, not certified, expired, revoked, etc.) was changed to "Status". [T7219]
  • Kleopatra: Descriptions (tooltips) clarify the filter criteria that can be applied to the listed certificates. [T7302]
  • Certificate lookup:
  • Kleopatra: Show message that certificate lookup is in progress. [T6493]
  • Kleopatra: Show the certificate details on double-click on search results. [T7027]
  • Kleopatra: Show origin in search results. [T7067]
  • Kleopatra: Show all search results if same certificate was found on multiple servers. [T7153]
  • Kleopatra: Show origin and protocol columns in search results. [T7155]
  • Kleopatra: Adapt widths of columns to search results. [T7252]
  • Kleopatra: Select a unique search result for easier import. [T6936]
  • Certificate groups:
  • Kleopatra: The group configuration can be opened from the toolbar. [T6913]
  • Kleopatra: The configuration of groups has been simplified. [T6662, T6722, T6966, T7321]
  • Kleopatra: New groups can be created directly from the certificate list. [T6912]
  • Kleopatra: When a certificate is deleted then the groups containing the certificate are listed. [T6403]
  • Kleopatra: The group configuration file kleopatragroupsrc is now stored in the GNUPGHOME. [T6931]
  • Smartcard management:
  • Kleopatra: Look and feel of the smartcard management view has been unified. [T6420, T6847, T7018, T7082]
  • Kleopatra: Certificates are now imported automatically from smartcards. [T6846]
  • Kleopatra: The workflow for moving a key to a smartcard has been improved. [T6933]
  • Other features:
  • Kleopatra: Add option to disable OpenPGP keyserver lookup. Add option to enable automatic retrieval of signing certificates when verifying signatures. [T6950]
  • Kleopatra: Add possibility to show the GnuPG configuration to help customer support. [T6072, T7331]
  • Kleopatra: Automatically initiate the most likely operation (encryption, decryption or import) when a file is dropped on Kleopatra. [T6894]
  • Kleopatra: The Help menu contains a link to the GnuPG manual. [T7064]
  • Kleopatra: Improve accessibility of additional information offered when deleting S/MIME CA certificates. [T7073]
  • Bug fixes
  • Kleopatra: Ensure that links and selected certificates are readable if a high contrast color scheme is used on Windows. [T6073]
  • Kleopatra: Cancel the "print secret key" operation when the password prompt is canceled. [T6091]
  • Kleopatra: Keep selection in certificate list when showing the certificate details. [T6360]
  • Kleopatra: Always show imported certificates in a new tab. [T6447]
  • Kleopatra: Report a failed encryption if the creation of an encrypted archive is not completed successfully. [T6554]
  • Kleopatra: A crash was resolved that occurred when deleting a certificate in a circular certificate chain. [T6602]
  • Kleopatra: Do not offer publication of revocations when revoking local certifications. [T6712]
  • Kleopatra: Don't show the root certificate twice when Kleo shows a certificate chain with two certificates. [T6807]
  • Kleopatra: Create OpenPGP certificates that are created from smartcard keys with correct validity. [T6889]
  • Kleopatra: Use dark icons if the light high contrast color scheme ("Desert") is used on Windows 11. [T6921]
  • Kleopatra: Make it more obvious whether the validity of subkeys is extended together with the validity of the primary key. [T6958]
  • Kleopatra: Do not show certificate groups if no certificate in the group matches the current filter criteria. [T6970]
  • Kleopatra: Report correct reason for failure if generating smartcard keys fails because a wrong PIN is entered. [T6971]
  • Kleopatra: Also change the title of the first tab in the certificate list when the selected filter is changed. [T7002]
  • Kleopatra: Report error if lookup on server fails because of an invalid keyserver. [T7036]
  • Kleopatra: Do not perform a keyserver lookup when updating a certificate if keyserver lookup was disabled. [T7037]
  • Kleopatra: Correctly display the saved value of the "Treat .p7m files without extensions as mails" option in the configuration dialog. [T7048]
  • Kleopatra: Don't show warning that a certificate has expired for certificates that expire in the year 2038 or later. [T7069]
  • Kleopatra: Ensure that the About dialog always shows the version information for GnuPG and libgcrypt. [T7090]
  • Kleopatra: Allow showing the main window with the certificate list above the certificate details windows. [T7094]
  • Kleopatra: Show correct success/error messages when changing the reset code/PUK of an OpenPGP card. [T7122]
  • Kleopatra: Ignore leading and trailing space characters when looking up certificates on servers. [T7132]
  • Kleopatra: Do not change OpenPGP keyserver entries starting with "ldap:". [T7145]
  • Kleopatra: Do not show an additional success message if deleting the secret key from the hard disk fails after copying the secret key to a smart card. [T7157]
  • Kleopatra: Do not wrongly claim that a certificate without email address was updated via WKD. [T7190]
  • Kleopatra: Fix issue that the certificate details window was unusable when it was opened from the edit group window. [T7233]
  • Kleopatra: Fix issue that the certificate details window opened in the background when opened from the decryption/verification result window. [T7244]
  • Kleopatra: Fix a problem that occurred when importing and certifying a certificate with a revoked user ID. [T7274]
  • Kleopatra: Fix a problem that for some certificates the email address was shown in the Name column. [T7280]
  • Kleopatra: Fix a problem on key generation after using the "Retry" button. [T7365]
  • Kleopatra: A crash was resolved that occurred when unplugging a smartcard while an operation is in progress. [T7372]
  • Kleopatra: Correctly finish a print secret key operation if an empty or wrong password is entered. [T7375]
  • Kleopatra: Ensure that tool tips are easy to read if a dark color scheme is used on Windows. [T7414]
  • GpgOL: Don't show conformance status if "Do not sign this email" is selected in the security approval window. [T6808]
  • GpgOL: A crash was resolved that sometimes occurred in the security approval window and that resulted in a "No recipients for encryption selected" error in Outlook. [T7312]
  • GnuPG: For a full list of changes between GnuPG 2.4.5 in Gpg4win-4.3.1 and GnuPG 2.4.7 in Gpg4win-4.4.0 please see: https://dev.gnupg.org/T7030 and https://dev.gnupg.org/T7353
GnuPG:           2.4.7
Kleopatra:       3.3.0
GpgOL:           2.5.14
GpgEX:           1.0.11
Kompendium DE:   4.0.1
Compendium EN:   3.0.0

Explicit download of this version: gpg4win-4.4.0.exe

Version 4.3.1 released 2024-03-11

  • GnuPG: D-TRUST ECC smart cards are now supported. [T7000,T7001]
  • Kleopatra: The WKD lookup does now also work if the mail addresses are surrounded by spaces. [T6868]
  • Kleopatra: The WKD lookup now works even if no keyserver is configured. [T6868]
  • GnuPG: The Windows system root CAs are now trusted when checking CRL. [T6963]
  • GnuPG: For a full list of the backend changes between GnuPG 2.4.4 in Gpg4win-4.3.0 and GnuPG 2.4.5 in Gpg4win-4.3.1 please see: https://dev.gnupg.org/T6960
GnuPG:           2.4.5
Kleopatra:       3.2.2
GpgOL:           2.5.12
GpgEX:           1.0.10
Kompendium DE:   4.0.1
Compendium EN:   3.0.0

Explicit download of this version: gpg4win-4.3.1.exe

Version 4.3.0 released 2024-01-25

  • Kleopatra: A new mail viewer mode has been added, allowing crypto mails received by mail clients without PGP/MIME or S/MIME support to be decrypted. This means that you can open an SMIME.p7m file or openpgp-encrypted-message.asc attachment with Kleopatra, and it will be displayed as a mail. [T6199]
  • Kleopatra: It is now possible to certify multiple certificates at once using the group interface. [T6469]
  • Okular (GnuPG Edition): This PDF reader has received a lot of updates and is now ready for everyday's use.
  • GnuPG: Support for proxy authentication using the Negotiation method has been added. [T6719]
  • GnuPG: Keyserver can now be configured to the value "none" to avoid unnecessary queries to non-existing keyservers that would slow down the system. [T6708]
  • GnuPG: Es kann nun der Wert "none" als Schlüsselserver verwendet werden, um unnötige Abfragen gegen nicht existierende Server zu vermeiden, die das System verlangsamen würden. [T6708]
  • GnuPG: A new option has been added to ignore specific CRL extensions. This can help as a workaround for problems with specific CRLs. [T6545]
  • GnuPG: Automatic proxy detection has been improved. [T5768]
  • Kleopatra: The start time of Kleopatra has been drastically improved on throttled systems with third-party software installed, which manipulates system calls. The number of system calls to start Kleopatra has been roughly halved. [T6259]
  • Kleopatra: The advanced options in the certification view are now automatically visible if they were open in the last certification. [T6480]
  • Kleopatra: Windows dark mode is now fully supported. [T4066]
  • Kleopatra: Some invalid operations, such as signing with an expired certificate, which would have resulted in errors, can no longer be triggered. The reason for this is indicated, too. [T6742 T6788]
  • Kleopatra: The support for Telesec signature cards has been improved. [T6830]
  • Kleopatra: When exporting or publishing certificates, the user is now informed if there are uncertified certificates in the export. This is especially useful when exporting groups. [T6766]
  • Kleopatra: Expiry dates after 19.01.2038 (year 2038 bug) are now possible. [T6736]
  • Kleopatra: The dialog to extend OpenPGP certificates has been improved and redundant options removed. [T6621]
  • Kleopatra: When creating archives, they are now written out as a .part file to improve error handling and canceling the operation without leaving a broken archive in the file system. [T6584]
  • Kleopatra: Updating certificates now also looks for updates in a Web Key Directory if one exists for the domain. [T5951]
  • Kleopatra: Progress bars are now also properly shown for S/MIME file operations. [T6534]
  • GpgOL: Added support for RFC2231 encoded attachment filenames, which increases compatibility with Apple Mail. [T6604]
  • GpgOL: Draft encryption with S/MIME certificates now skips CRL checks and is much faster and reliable. [T6827]
  • GpgOL: The error handling was improved if a preference for S/MIME is set and signing selected but no signing certificate can be found. See: https://gnupg.com/vsd/registry-settings.html (smimeNoCertSigErr) on how to add a custom message to instruct users what to do in this case. [T6683]
  • GpgOL: It is now possible to encrypt to S/MIME certificates that are untrusted or cannot be validated because of CRL errors. In this case a warning dialog is shown, allowing the user to override the errors. This is not VS-NfD compliant but can be used for unrestricted encryption. [T6701]
  • GpgOL: Mails without the correct MIME type but which still look like crypto mails are now decrypted. This improves compatibility with Apple Mail and various mail gateways that modify the structure of crypto mails in transit. [T6701]
  • GpgOL: The internal attachments are now called "GpgOL_MIME_structure.mime" instead of "GpgOL_MIME_structure.txt" to make it easier to link them to Kleopatra. This is, for example, visible for users when using the Outlook web interface. [T6656]
  • GpgOL: The initialization has been moved to avoid the incorrect message that GpgOL is causing a slow start of Outlook. This message might still be shown, since Outlook shows this sometimes regardless of actual timings, but the delay should be 0ms. [T6856]
  • GpgOL: The security approval dialog has been improved to better show problems with the available certificates in case a compliant encryption is not possible. [T6742 T6743 T6744]
  • GpgOL: The security approval dialog now increases its size based on the number of recipients to avoid having to use a scroll bar. [T6837]
  • Kleopatra: The state of Kleopatra is now properly stored in configuration files when Kleopatra is shut down on user log out. [T6667]
  • Kleopatra: Importing a certificate with Kleopatra will now open the main window of Kleopatra. [T6671]
  • Kleopatra: No longer unnecessarily watches the clipboard for changes; this could have caused issues with password managers that would empty the clipboard as soon as a third-party application tried to access it. [T6531]
  • Kleopatra: It is no longer possible to set expiry dates in the past. [T6519]
  • Kleopatra: Importing multiple certificates at once can no longer cause Kleopatra to lock up. [T6323]
  • Kleopatra: When generating keys on a smart card in compliance mode, only compliant algorithms are offered. [T6750]
  • Kleopatra: Fixed an issue where certificate tags would not be displayed correctly after reloading certificates. [T6768]
  • GpgOL: The security approval dialog now correctly updates the compliance status after switching protocols. [T6600]
  • GpgOL: The security approval is now always shown and displays the correct state for groups containing untrusted or otherwise non-compliant certificates. [T6401]
  • GpgOL: Fixed an issue with S/MIME opaque signed mails where the contents of invalid signed mails would not be shown. [T6624]
  • GpgOL: When generating a key through the security approval dialog, the configured default algorithms from GnuPG are now used. [T6805]
  • GpgOL: Generating keys through the security approval dialog now works as intended. [T6813 T6823 T6566]
  • GpgOL: A crash issue has been resolved that could occur when switching between different Outlook views, for example, from the calendar back to the mail view, while a crypto mail was open. This crash was only happening in Outlook versions older than Outlook 2019 or when the "always preview messages" setting was enabled. This potential crash affected all modern versions of GpgOL. (T6861)
  • GnuPG: For a full list of the backend changes between GnuPG 2.4.3 in Gpg4win-4.2.0 and GnuPG 2.4.4 in Gpg4win-4.3.0 please see: https://dev.gnupg.org/T6578
GnuPG:           2.4.4
Kleopatra:       3.2.0
GpgOL:           2.5.12
GpgEX:           1.0.10
Okular:          23.11.70
Kompendium DE:   4.0.1
Compendium EN:   3.0.0

Explicit download of this version: gpg4win-4.3.0.exe

Version 4.2.0 released 2023-07-14

  • Okular (GnuPG Edition): Gpg4win has been extended with the popular Okular PDF Viewer. Although our Okular version is currently considered experimental and therefore not installed by default, this provides the ability to legally sign and verify documents with the S/MIME certificates and smart cards GnuPG supports. The GnuPG Edition of Okular is optimized to be lightweight and to provide as little attack surface as possible. It does not support any active content like JavaScript or media files in PDF documents. It should therefore be more suitable in high security environments than other PDF readers. See: https://www.gpg4win.org/version4.2.html
  • GnuPG: The new component "keyboxd" is now enabled by default for new users of Gpg4win. keyboxd stores certificates (public keys) in an sqlite database and keeps it in memory. The resulting performance improvement can be quite large especially for users with large keyrings. Adventuresome users can enable it manually: Select all certificates in Kleopatra and export them with a right click. Add a file %APPDATA%\gnupg\common.conf with the contents "use-keyboxd" (without the quote marks), then restart Kleopatra and import your certificates again. As usual we caution to make a backup of the %APPDATA%\gnupg directory before modifying files in there. To switch back to the old behavior, add a "#" character in front of the "use-keyboxd" and restart Kleopatra. Where applicable you have to export the certificate before and import them again after the restart.
  • mkportable has been removed. Please see: https://wiki.gnupg.org/Gpg4win/PortableVersion on how to create a portable version of Gpg4win.
  • Kleopatra: Folder encryption and decryption (gpgtar) has been completely reworked so that it now has roughly the same performance as on the command line. The new architecture also allows for further performance improvements in the future and is much more robust. And solves several issues. [T5478 T6488 T6499 et.al.]
  • Kleopatra: The progress indicator now also works for very large data files. [T6534]
  • Kleopatra: It is now possible to rename the output file, if a file with the same name already exists, instead of just overwriting or canceling. [T6372]
  • Kleopatra: It is now offered to delete the secret key on the computer after it was successfully transferred to a smart card. [T5836]
  • Kleopatra: Added warnings when your certificate or other certificates in your keyring are about to expire. The warnings are configurable and should allow a smoother switch to a new or extended certificate. [T6452]
  • Kleopatra: The Notepad now also uses the last chosen certificates for signing and self-encryption as default. The values are shared with file encryption.[T6415]
  • Kleopatra: The startup time of Kleopatra has been slightly improved. [T6259]
  • Kleopatra: The certificate selection input and dropdown fields are now alphabetically sorted. [T6492, T6514]
  • Kleopatra: Backed up subkeys can now be restored through the UI even when they were used from a smart card in between. [T3456, T3391]
  • Kleopatra: For certifications of public keys it is now possible to configure a default validity period. [T6452]
  • Kleopatra: When extending the validity period of a certificate, the default for new ones is now preset. [T6479]
  • Kleopatra: The default validity of new certificates is now three years instead of two. This can be changed through configuration. [T2701]
  • GpgOL: Now offers to create a OpenPGP certificate, if none with signing capability exists and only signing is requested. [T5869]
  • GnuPG: The PKCS#12 (.p12 files) parser has been rewritten to increase compatibility with other PKCS#12 implementations. [T6536]
  • GnuPG: S/MIME certificate listings have been sped up on Windows. [rG08ff55bd44]
  • GnuPG: A new option "ADSK" has been added to signal the intention that messages should be encrypted to multiple subkeys. [T6395, https://gnupg.org/blog/20230321-adsk.html]
  • GnuPG: There are now more compressed formats detected for which GnuPG then automatically disables its builtin compression. This can result in significant speed ups. [T6332]
  • Kleopatra: An accidental timeout when creating checksum files has been removed. This could result in empty or incomplete checksum files. [T6573]
  • Kleopatra: The validity period of all subkeys is now extended even if the primary key was already expired. This fixes the case where seemingly extended keys were no longer usable for encryption. [T6473]
  • Kleopatra: A rare occurrence, where encryption only keys would be offered as signing keys, has been fixed. [T6456]
  • Kleopatra: Some obsolete configuration options have been removed. [T6326 T6327]
  • Kleopatra: The button "What's this" in the right upper corner has been removed, since it was only used in very few places. [T6318]
  • Kleopatra: Canceling file operations now reliably cancels the underlying backend operations, too. [T6524]
  • Kleopatra: A number of encoding problems when displaying output from the backend have been solved. [T5960]
  • Kleopatra: A cause for longer loading time of the certificate list at startup was fixed. [T6261]
  • Kleopatra: Selecting cancel when exporting a secret subkey now properly cancels instead of creating a file without the secret part. [T5755]
  • Kleopatra: When importing secret keys you do not want to mark as your own, it is no longer asked multiple times if it is your own key. [T6474]
  • GnuPG/Kleopatra: Error handling for permission and write errors has been improved across the board. [T6528]
  • GpgOL: An issue has been fixed where crypto mails would show up empty if text/plain display was preferred. [T6357]
  • GpgOL: Fixed a crash that occurred when encrypting a mail with an attachment without a file name. [T6546]
  • GpgOL: Category and flag changes now work again if the mail is not displayed in a decrypted state when they are made. [T4127]
  • GpgOL: Added safeguards against a plain text leak back to the server in a specific unusual configuration. (dd3ff839)
  • GnuPG: For a full list of the backend changes between GnuPG 2.4.0 in Gpg4win-4.1.0 and GnuPG 2.4.3 in Gpg4win-4.2.0 please see: 2.4.1: https://lists.gnupg.org/pipermail/gnupg-announce/2023q2/000478.html 2.4.2: https://lists.gnupg.org/pipermail/gnupg-announce/2023q2/000479.html 2.4.3: https://lists.gnupg.org/pipermail/gnupg-announce/2023q3/000480.html
GnuPG:           2.4.3
Kleopatra:       3.1.28
Okular:          23.07.70-patched
GpgOL:           2.5.8
GpgEX:           1.0.9
Kompendium DE:   4.0.1
Compendium EN:   3.0.0

Explicit download of this version: gpg4win-4.2.0.exe

Version 4.1.0 released 2022-12-20

  • GPA: So long, and thanks for all the fish. To reduce maintenance and improve the overall quality of Gpg4win we have decided to retire GPA. Over the last decade Kleopatra has made large improvements in quality and is very well maintained and the focus of our development. [rW3f7ed3834f]
  • GnuPG: Improve signature verification speed by a factor of more than four. Double detached signing speed. [T5826]
  • GnuPG: Import stray revocation certificates to improve WKD usability.
  • GnuPG: New option --add-revocs for gpg-wks-client. [rG2f4492f3be]
  • GnuPG: Ignore expired user-ids in gpg-wks-client. [T6292]
  • GnuPG: Support the Telesec Signature Card v2.0 in OpenPGP. [T6252]
  • GnuPG: For the new AEAD Format we now only allow the fast OCB mode. The EAX mode may still be used for decryption. [rG5a2cef801d]
  • Kleopatra: Support the import of non-standard conforming UTF-16 encoded text files with certificates. [T6298]
  • Kleopatra: New Option to delete the locally stored secret key after a transfer to a smart card. [T5836]
  • Kleopatra: Improve the display of keys in the group edit dialog. [T6295]
  • Kleopatra: Simplify changing the owner trust of keys. [T6148]
  • Kleopatra: Allow selecting ECC with supported curves when generating new keys for smart cards. [T4429]
  • GnuPG: Update the X.509/CMS library Libksba to version 1.6.3 to fix a security problem in the CRL signature parser. [T6230]
  • GnuPG: Fix trusted introducer for mbox only user-ids. [T6238]
  • GpgOL: IMAP access to encrypted mails works again. [T6203]
  • Kleopatra: Don't report success if the key signing job was canceled. [T6305]
  • Kleopatra: Report failed imports immediately when receiving the result. [T6302]
  • Kleopatra: Do not offer invalid S/MIME certificates for signing or encryption. [T6216]
  • Kleopatra: Don't ask user to certify an imported expired or revoked OpenPGP key. [T6155]
  • Kleopatra: Do not crash when closing details widget while certificate dump is shown. [T6180]
  • Kleopatra: Improve usability and accessibility of the notepad operations. [T6188]
GnuPG:           2.4.0
Kleopatra:       3.1.26
GpgOL:           2.5.6
GpgEX:           1.0.9
Kompendium DE:   4.0.1
Compendium EN:   3.0.0

Explicit download of this version: gpg4win-4.1.0.exe

Version 4.0.4 released 2022-10-17

  • GnuPG: Avoids "invalid hash method" errors by using SHA-256 for certificates with implicit SHA-1 preferences in de-vs mode. (T6043)
  • GnuPG: In de-vs mode use AES-128 instead of 3-DES as implicit preference. This avoids problems with software considering 3-DES as non-compliant but does only announce 3-DES as supported algorithm. (T6063)
  • GnuPG: Add new LDAP server flag "areconly" (A-record-only) to help against long delays on some AD installations.
  • GnuPG: New feature to mirror an LDAP keyserver to a Web key Directory. (T6224)
  • GnuPG: Improve reporting of bad passphrase errors during PKCS#11 import. (T5713,T6037)
  • GnuPG: It is now possible to forbid users to trust additional root certificates. The option for this is "no-user-trustlist". (T5990)
  • GnuPG: It is now possible to change the default filename (trustlist.txt) for the list of S/MIME root certificates. The option for this is "sys-trustlist-name" or on Windows it can be configured in the registry. This allows admins to change the S/MIME root certificates from the packaged default without having it overwritten with each update. (T5990)
  • GnuPG: The "display serial number" is now used for card insert prompts. This should match the serial number printed on smart cards. (T6135)
  • GnuPG: New "common.conf" option "no-autostart". (rG203dcc19eb)
  • GpgOL: Groups configured in Kleopatra can now be used for mail encryption. Groups must contain only keys of one protocol (either S/MIME or OpenPGP) and be named like the mail address. (T5967)
  • GpgOL: An exclamation mark at the end of the GpgOL config registry values under "Local machine" now disallows the user to change that setting. (T5827)
  • Kleopatra: Any configuration settings in kleopatrarc are now configurable through the Windows Registry / Group Policies, too. (T5707)
  • Kleopatra: Automatic extraction of tar archives can now be disabled in the Kleopatra settings. (T6057)
  • Kleopatra: The original filename is now embedded in encrypted files. (T6056)
  • Kleopatra: In case the embedded filename does not match the filename of the encrypted file, the user is asked after decryption if the file should be renamed to the embedded name. This only works for files encrypted with GnuPG VS-Desktop 3.1.24 or later. (T6056)
  • Kleopatra: The user is now asked which file should be verified if the signed data for a detached signature (.sig) could not be found automatically. (T6062)
  • Kleopatra: Queries containing just a single character are now allowed when searching in remote directories. This should make it easier to list all certificates in a directory. (T6064)
  • Kleopatra: When a user specific trustlist.txt is created by Kleopatra it now adds the "include-default" keyword, so that the system wide trustlist.txt is still included. (T6096)
  • Kleopatra: The storage location is now displayed per subkey to better support offline keys and multiple smart cards. (T6108)
  • Kleopatra: The certificate details now have an explicit update button to refresh a key from the configured directory services. (T5903)
  • Kleopatra: The fingerprint with the suffix .rev is now used as suggested filename for revocation certificates. (T6121)
  • Kleopatra: Several more file dialogs now save the last used directory. (T6121)
  • Kleopatra: When withdrawing certifications, the own certifications on the certificate are now automatically determined. (T6115)
  • GnuPG: Update the X.509/CMS parsing library Libksba to version 1.6.2 to fix a severe security problem. (T6230)
  • GnuPG: Do not consider unknown public keys as non-compliant while decrypting. (T6205)
  • GnuPG: Fix CRL Distribution Point fallback to other schemes.
  • GnuPG: Fix upload of multiple keys for an LDAP server specified using the colon format.
  • GnuPG: Fix a key upload problem when a BaseDN is specified for an LDAP server. (T6047)
  • GnuPG: YubiKeys with firmware versions 5.4 and above are correctly detected again. (T6070)
  • GnuPG: Combined symmetric and asymmetric encryption / decryption is now displayed as VS-NfD compliant, if appropriate. (T6119)
  • GnuPG: A misleading error message when transferring keys to a smart card was changed. (T6122)
  • GnuPG: The options "auto-key-import" and "include-key-block" are changeable through Kleopatra, again. (T6138)
  • GnuPG: A possible path traversal security issue regarding "gpg-wks-server" has been fixed. This only affects users of "gpg-wks-server" in a WKS deployment. (T6098)
  • GnuPG: Fix a regression in "READKEY --format=ssh". (T6012)
  • GpgOL: Fixed some encoding issues.
  • GpgOL: Issue with sender resolution for draft mails fixed.
  • GpgOL: A hang and performance problem when displaying unencrypted mails with a specific structure has been fixed. (#8917)
  • GpgOL: Stale temporary files created by GpgOL are now deleted to avoid clutter on systems that do not clean the temporary files. (T5926)
  • GpgOL: Fix a regression in IMAP access to encrypted mails. (T6203)
  • Kleopatra: No longer reports success when adding an empty userid. (T5997)
  • Kleopatra: The maximum expiration date is now 2106-02-05. (T5991)
  • Kleopatra: S/MIME certificate trees are no longer collapsed when details are opened by double click. (T6055)
  • Kleopatra: Minor improvements to the encrypt / sign recipient selection dialog. (T6080)
  • Kleopatra: Canceling the password entry when exporting a secret key now correctly aborts the operation. (T6090)
  • Kleopatra: A family of startup crashes has been fixed. The crashes would show up in the event log as crashes in libstdc++6.dll. (T6131)
  • Kleopatra: Fixed a very rare hang when archiving files. This caused Kleopatra never to finish an archiving operation. (T6139)
  • Kleopatra: When only a single OpenPGP certificate is imported, the question about weather to certify it has been restored. (T6144)
  • Kleopatra: Problems of "Failed to move directory" when decrypting archives on systems where the users TEMP directory was placed on Microsoft virtual hard disks have been resolved. (T6147)
  • Kleopatra: The following dialogs have been changed so that they are usable: * with keyboard only * with a screenreader (tested NVDA and ORCA) * with 400% magnification * with high contrast color scheme (T6073) * with inverted color scheme (T6073) - OpenPGP certificate creation (T5969, T5832) - The main window toolbar (T6026) - Certificate Details (T5843) - Certificate certification (T6046) - Expiration date change (T6080) - Group configuration (T6095) - DN Attribute Order configuration (T6089) - Subkey details (T6104) - Certifications view (T6102) - Self Test (T6101)
  • Kleopatra: Generating a new OpenPGP certificate is reduced to a single dialog. (T5832)
  • Kleopatra: Creating an S/MIME Certificate Signing Request (CSR) is now a standalone action in Kleopatras file menu. (T5832)
  • Kleopatra: Links used in Kleopatra texts are now accessible for screenreaders. (T6034)
  • Kleopatra: Text parts (labels) are now selectable and the selection is highlighted. This is easier to control with a Screenreader. (T6036)
  • Kleopatra: Tooltip pop-ups are now read out by screenreaders. (T6044)
  • Kleopatra: All icon-only buttons should now have a description which can be read by Screenreaders. (T6088)
  • Kleopatra: Navigating the certificate list with the keyboard is improved. (T5841)
  • Kleopatra: Validity period labels have been unified to "Valid from" and "Valid until" respectively. (T6120)
  • Kleopatra: Compliance display has been simplified by removing the "communication is possible" part. (T5855)
GnuPG:           2.3.8
Kleopatra:       3.1.24
GPA:             0.10.0
GpgOL:           2.5.5
GpgEX:           1.0.9
Kompendium DE:   4.0.1
Compendium EN:   3.0.0

Explicit download of this version: gpg4win-4.0.4.exe

Version 4.0.3 released 2022-07-12

  • Kleopatra: A crash that occured when exiting the Application has been fixed. (T5962)
  • GnuPG: Security update to 2.3.7 to fix CVE-2022-34903. (T6027)
  • GnuPG: Improved import of PKCS#12 containers. (T6037,T5793,T4921,T4757)
GnuPG:           2.3.7
Kleopatra:       3.1.22
GPA:             0.10.0
GpgOL:           2.5.3
GpgEX:           1.0.9
Kompendium DE:   4.0.1
Compendium EN:   3.0.0

Explicit download of this version: gpg4win-4.0.3.exe

Version 4.0.2 released 2022-04-25

  • Kleopatra: OpenPGP and S/MIME key generation are now optimized for accessibility. (T5832)
  • Kleopatra: The tab bar for different certificate views is now always shown. (T5841)
  • Kleopatra: The certificate view can now be navigated by arrow keys to make it more accessible by keyboard. (T5841)
  • Kleopatra: Empty cells in the certificate view now have screen reader specific annotations to make them readable. e.g.: "no name" or "no email". (T5841)
  • Kleopatra: Key-IDs and Fingerprints are now read by screen readers in groups of four characters. (T5841)
  • Kleopatra: The file encryption dialog has been optimized for accessibility. (T5845)
  • Kleopatra: The certificate selection dialog, which can be accessed through the file encryption dialog, has been optimized for accessibility. (T5876)
  • Kleopatra: The dialog for adding a User-ID has been rewritten for full accessibility. (T5916)
  • Kleopatra: The GnuPG backend can now be restarted through an action in the Extras menu. (T5775)
  • Kleopatra: A tooltip highlights why subkeys are needed in the advanced key generation dialog. (T5781)
  • Kleopatra: There is now a button in certificate details to copy the fingerprint via clipboard without spaces. (T5776)
  • Kleopatra: The smartcard reader settings are now on their own configuration page. (T5857)
  • Kleopatra: It is now possible to revoke your own key. (T5859)
  • Kleopatra: The dialog for adding a User-ID has been rewritten and now also accepts names starting with numbers. (T5916)
  • Kleopatra: It is now possible to configure a minimal and maximal validity period for new keys. (T5864)
  • Kleopatra: Configuration of default-new-key-algo is simplified for ECC curves. (T5717)
  • Kleopatra: The key creation wizard can now hide advanced settings through configuration. (T5690)
  • Kleopatra: When searching for keys a Web Key Directory is also searched if this is available for the searched domain. (T5334)
  • Kleopatra: A new setting in group [Smartcard] "AlwaysSearchCardOnKeyserver" enables the query of any configured keyserver for certificates of a smartcard if set to true. (T5735)
  • Kleopatra: Additional dialogs have file endings preset when saving crypto files. (T5736)
  • Kleopatra: Error handling for failed PKCS#12 imports is improved. (T5713)
  • Kleopatra: An information is now shown if keyserver return invalid search results. (T5725)
  • Kleopatra: Additional help documents, for GnuPG VS-Desktop, are now added in the help menu.
  • Kleopatra: Secret subkeys can now be exported and imported. (T5755)
  • Kleopatra: Config settings which are forced in global configuration are now properly greyed out. (T5791)
  • Kleopatra: Automatic detection of new smartcards has been improved. (T5782)
  • Kleopatra: Configuring both an OpenPGP and X.509 keyservers has been improved. (T5801)
  • Kleopatra: Opening external links can now be administratively prohibited. (T5777)
  • Kleopatra: When opening outlook attachments the default output path is now in the documents folder of the user. (T5774)
  • Kleopatra: In the certificate details certification view it is now possible to retrieve all certifier certificates. (T5805)
  • Kleopatra: It is now possible to fetch the keys of certifiers automatically on import. This can be enabled through the setting "RetrieveSignerKeysAfterImport" in the "Import" group. (T5805)
  • GpgEX: It is now possible to configure the default command through the Windows registry. (T5915)
  • GnuPG: Massive performance improvements: - Doubled detached signing speed. - Up to five times faster verification of detached signatures. - Threefold decryption speedup for large files. - Nearly double the AES256.OCB encryption speed. (T5826, T5820) For full use of these improvements use GnuPG on the command line.
  • GnuPG: New Option "--require-compliance" to create an error if an Operation did not comply to the compliance setting.
  • GnuPG: Tar archives now support longer filenames larger then MAX_PATH. (T5754)
  • GnuPG: ECDSA is now supported for CRLs and OCSP.
  • GnuPG: WKD lookups now also work for resolvers not handling SRV records. (T4729)
  • GnuPG: Updated to 2.3.6. For full details see: https://lists.gnupg.org/pipermail/gnupg-announce/2022q2/000472.html
  • Kleopatra: Keyserver configuration now properly resets to default value on empty configuration. (T5711)
  • Kleopatra: Several places where the application name was written in lowercase have been fixed. (T5833)
  • Kleopatra: A crash has been fixed that occurred when revoking a certification without a selected key. (T5858)
  • Kleopatra: The keylist filter for not certified certificates now only shows not certified keys and not all invalid certificates. (T5850)
  • Kleopatra: Forcing the key type through configuration now also forces correct usage flags. (T5856)
  • GpgOL: Fixed a double free error which could lead to random crashes. This double free was not exploitable as a security issue.
  • GpgOL: A Problem has been fixed which could cause cleartext to be sent to the Exchange Server. This occurred when modifying an encrypted draft. (T5564)
  • GpgOL: Draft Encryption can now be enabled through the registry by setting the value "auto" for "draftKey". (T5564)
  • GnuPG: Windows account names with special characters are handled again.
  • GnuPG: Config values from the windows registry are now properly shown with gpgconf --show-configs. (T5724)
GnuPG:           2.3.6
Kleopatra:       3.1.22
GPA:             0.10.0
GpgOL:           2.5.3
GpgEX:           1.0.9
Kompendium DE:   4.0.1
Compendium EN:   3.0.0

Explicit download of this version: gpg4win-4.0.2.exe

Version 4.0.0 released 2021-12-21

  • Kleopatra: The group configuration has been extended so that groups can now be exported and imported. (T5638)
  • Kleopatra: Now shows the used GnuPG version in the about dialog. (T5652)
  • Kleopatra: Added an option under crypto operations to only use symmetric encryption. (T5661)
  • Kleopatra: Available Smartcard readers can now be listed under settings. (T5662)
  • Kleopatra: The update notification has been fixed. (T5663)
  • Kleopatra: Checks for RESTRICTED / VS-NfD compliance now take underlying library configurations into account. (T5362)
  • Kleopatra: Added error handling for operations which are not allowed in the configured compliance mode. (T5653)
  • Kleopatra: Configuration of Keyservers is now shown correctly even when done through dirmngr.conf. (T5672)
  • Kleopatra: Smartcard reader can now be selected through a menu which shows all available readers. This is found under the GnuPG System Smartcard configuration. (T5666)
  • Kleopatra: When searching for certificates in the available list, a following "Search on Server" is now prefilled with the search string. (T5624)
  • Kleopatra: Both S/MIME and OpenPGP certificates can now be imported from a single file. (T5638)
  • Kleopatra: Configuration pages can now be hidden. (T5689)
  • Kleopatra: The key creation wizard can now be customized with custom placeholders and expiry times. (T5690 T5708)
  • Kleopatra: It is now possible to hide S/MIME (CMS) actions for an OpenPGP only mode. (T5688)
  • Kleopatra: The GnuPG-System configuration has received minor cleanups. (T5677)
  • Kleopatra: A crash related to circular certificate chains has been fixed. (T5697)
  • Kleopatra: Ask GnuPG for the correct path for the uiserver socket (T5619).
  • Kleopatra: Fix a problem with smartcard detection on startup. (rKd2338373ab41)
  • Kleopatra: Enable the "create openpgp key from card" command only for GnuPG >= 2.3. (rK107abfdb1a41)
  • Kleopatra: Windows no longer appear in the background when Kleopatra is not the active foreground process. (T5533)
  • Kleopatra: The directory services configuration for LDAP servers has been extended. (T5465)
  • Kleopatra: It is now possible to set an expiration date for a certification. (T5336)
  • Kleopatra: It is now possible to update subkey expiration dates with Kleopatra. (T4717)
  • Kleopatra: The default keyserver is now queried from GnuPG. (T5514)
  • Kleopatra: Users are now prompted to set the ownertrust when certifying with an untrusted key. (T5511)
  • Kleopatra: Symmetric encryption is now preselected if no keys are present. (T5545)
  • Kleopatra: Every action in the file encryption dialow is now accessible through a shortcut. (T5544)
  • Kleopatra: Accessibility, especially for encryption, has been greatly improved. (T5535)
  • GpgOL: Contents are no longer hidden if plain text only is configured through group policies. (T5681)
  • Pinentry: Symmetric passwords are now formatted when visible if the corresponding gpg-agent option "pinentry-formatted-passphrase" has been set. (T5517)
  • Pinentry: It is now possible to generate secure passwords for symmetric encryption through gpg-agent. (T5517)
  • Pinentry: It is now possible to add custom help text files to explain passphrase constraints. (T5517)
  • Pinentry: Passphrase constraints are now better checked and violations no longer clear the entered passphrase. (T5532)
  • Pinentry: A capslock warning is now shown. (T4950)
  • Pinentry: The dialog is now more accessible and constraints are shown in a way that screenreaders can handle.
  • GnuPG: Passphrase constraint handling has been improved with a new syntax for constraints. (T5517)
  • GnuPG: The socket files are now located under Appdata/Local. (T5537)
  • GnuPG: A new, optional, configuration syntax has been implemented which allows conditional configuration based on variables. Variables can be read from the Windows registry and controlled by Group Policies.
  • GnuPG: The configured "trusted-key" options can now be properly changed. (T5685)
  • GnuPG: The default selection for smartcard reader now tries to ignore virtual smartcard readers. (T5644)
  • GnuPG: With "gpgconf --show-configs" the configuration of the system can now be listed.
  • GnuPG: A new experimental key database daemon is provided. To enable it put "use-keyboxd" into gpg.conf and gpgsm.conf. Keys are stored in a SQLite database and make key lookup much faster.
  • GnuPG: Major update to Version 2.3.4.
GnuPG:           2.3.4
Kleopatra:       3.1.20
GPA:             0.10.0
GpgOL:           2.5.1
GpgEX:           1.0.8
Kompendium DE:   4.0.1
Compendium EN:   3.0.0

Explicit download of this version: gpg4win-4.0.0.exe

Version 3.1.16 released 2021-06-11

  • GpgOL: Added support for encrypting Outlook elements such as forwarded mails or contacts and events. (T4184)
  • GpgOL: The "conflicting crypto preferences" warning now ignores more undocumented states. (T5335)
  • Kleopatra: Added a "Groups" feature where you can define recipient groups that can then be selected as a whole when doing operations. (T5175 T5241)
  • Kleopatra: Encryption works again with Windows shared file system paths. (T5216)
  • Kleopatra: The check for elevated execution is now only a warning and no longer a hard error. (T5248)
  • Kleopatra: The combined export of S/MIME and OpenPGP certificates has been improved. (T5002)
  • Kleopatra: Search no longer shows all results as uncertified. (T5388)
  • Kleopatra: Added support for additional CardOS Smartcards. (T4876)
  • Kleopatra: Automatically imports public keys for the inserted Smartcard from an Active Directory / LDAP Server. (T4876)
  • Kleopatra: The certify dialog now allows to certify a key as the certification authority for a specific domain. This enables Public Key Infrastructures where the certification is delegated. (T5245)
  • Kleopatra: The Smartcard view has been improved for better usability. (T4876)
  • Kleopatra: Complex LDAP Keyserver entries can now be entered without corruption. (T5404)
  • Kleopatra: Very large Archives no longer lead to crashes on decryption. (T5475)
  • Kleopatra: The performance when decrypting archives has been improved. (T5478)
  • Kleopatra: Encrypting folders with files larger then 4GB no longer leads to truncated archives. (T5475)
  • Kleopatra: Searching on LDAP / Active Directory for OpenPGP keys can now show multiple keys and shows details. (T5441)
  • GnuPG: Importing OpenPGP keys from LDAP no longer strips third party signatures. (T5387)
  • GnuPG: Files encrypted with S/MIME (CMS) but only with a password can now be decrypted.
  • GnuPG: Special characters (non 7bit) are now handled again. (T4398)
  • GnuPG: Updated to 2.2.28 See: https://lists.gnupg.org/pipermail/gnupg-announce/2021q2/000460.html
GnuPG:           2.2.28
Kleopatra:       3.1.16
GPA:             0.10.0
GpgOL:           2.5.0
GpgEX:           1.0.6
Kompendium DE:   4.0.1
Compendium EN:   3.0.0

Explicit download of this version: gpg4win-3.1.16.exe

Version 3.1.15 released 2021-01-12

  • GpgOL: Fixed a critical issue since Gpg4win-3.1.12 where the selection of "No Key" for a recipient could lead to arbitrary keys selected instead. (T5223)
  • GpgOL: auto-key-retrieve in the GnuPG config now no longer leads to "No Data" errors when viewing signed mails. (T5164)
  • GpgOL: The error "No Data" now leads to more useful output in the mail view. (T5164)
  • GpgOL: The name for VS-NfD compliance is now configurable through libkleopatrarc.
  • Kleopatra: The dialog to create new keys has been simplified and makes it easier to create keys without protection. This can be disabled by setting "enforce-passphrase-constraints" in the gpg-agent configuration. (T5181)
  • Kleopatra: Name and e-mail for new keys are now obtained through active directory if they are available. (T5181)
  • Kleopatra: Creating S/MIME CSRs for OpenPGP Smartcards has been further improved. (T5127)
  • Kleopatra: Tag support for certifications has been greatly improved and is now also available when adding keys in the file encrypt dialog. (T5174)
  • Kleopatra: Elevated execution of Kleopatra (run as Administrator) is now prevented to avoid accidental permission problems in the GnuPG data folder. (T5212)
  • Kleopatra: Setting the initial SigG PIN for NetKey cards now also works if the generic PIN is not set. (T5220)
  • GnuPG: Now supports system wide configuration files in "%ProgramData%\GNU\etc\gnupg" so Administrators can both set defaults and enforce a specific configuration. The Format is the same as the user configuration under "%AppData%\gnupg" with additional syntax to enforce some options and ignore other options. (T4788)
  • GnuPG: OpenPGP certificates can no be obtained automatically over Active Directory.
  • GnuPG: The scheme for LDAP access has been improved.
  • GnuPG: Updated to 2.2.27 See: https://lists.gnupg.org/pipermail/gnupg-announce/2021q1/000452.html Announcement for 2.2.26: https://lists.gnupg.org/pipermail/gnupg-announce/2020q4/000451.html
GnuPG:           2.2.27
Kleopatra:       3.1.15
GPA:             0.10.0
GpgOL:           2.4.10
GpgEX:           1.0.6
Kompendium DE:   4.0.1
Compendium EN:   3.0.0

Explicit download of this version: gpg4win-3.1.15.exe

Version 3.1.14 released 2020-11-25

  • Kleopatra: It is now possible to revoke certifications with Kleopatra. (T5094)
  • Kleopatra / GnuPG: Unicode home directories are now supported. (T5055)
  • Kleopatra: Directories for encryption may now contain unicode filenames. (T4083)
  • Kleopatra: Improved Smartcard support, preshadowing the full multicard support with GnuPG 2.3. (T5066)
  • Pinentry: The dialog should now receive input focus in more scenarios. (T4123)
  • GpgOL: Plain text e-mails without attachments are displayed correctly again.
  • GpgOL: S/MIME Mails with multiple attachments no longer create an invalid warning.
  • GnuPG: Updated to 2.2.25 ( https://lists.gnupg.org/pipermail/gnupg-announce/2020q4/000450.html )
GnuPG:           2.2.25
Kleopatra:       3.1.14
GPA:             0.10.0
GpgOL:           2.4.8
GpgEX:           1.0.6
Kompendium DE:   4.0.1
Compendium EN:   3.0.0

Explicit download of this version: gpg4win-3.1.14.exe

Version 3.1.13 released 2020-09-04

  • GnuPG: Updated to 2.2.23 to fix CVE-2020-25125. ( https://lists.gnupg.org/pipermail/gnupg-announce/2020q3/000448.html )
  • GpgOL: Fixed an issue where unencrypted drafts of mails were stored on the Exchange Server and could be restored through the "recently deleted items" option. Especially if the draft encryption, introduced in Gpg4win-3.1.8, is used this can be a security issue. (T5022) Gpg4win cannot offer guarantees that Outlook does not send data which is entered *before* the encryption to Microsoft or an Exchange Server. Under Windows with Outlook this is impossible to control. The draft encryption option is our best effort to avoid this.
GnuPG:           2.2.23
Kleopatra:       3.1.12
GPA:             0.10.0
GpgOL:           2.4.7
GpgEX:           1.0.6
Kompendium DE:   4.0.1
Compendium EN:   3.0.0

Explicit download of this version: gpg4win-3.1.13.exe

Version 3.1.12 released 2020-07-24

  • GpgOL: Improved handling of mails with encrypted subjects. (T4796)
  • GpgOL: Improved integration with Web Key Services to automatically provide public keys. (T4839)
  • GpgOL: The addressbook integration is now more visible. (T4874)
  • GpgOL: Group accounts are now properly considered when preselecting the signing key. (T4090)
  • GpgOL: During signature verification a preview of the content is now displayed. (T4944)
  • GpgOL: Printing of encrypted mails now works correctly after changing the printer. (T4890)
  • GpgOL: Security level of keys obtained from a Web Key Directory is now properly shown as Level 2.
  • GpgOL: Permanently decrypt now works more reliably and should no longer lead to "No Data" errors. (T4718)
  • GpgOL: Long lines in plaintext mails should no longer be displayed as multiple lines after decryption. (T4987)
  • GpgOL: Attachments with filenames that are not allowed on Windows can now be handled. (T4835)
  • GpgOL: Mails with exactly one attachment and no body are now displayed correctly.
  • GnuPG: Symmetric encryption now uses only one password dialog. (T4971)
  • GnuPG: Improved certificate import for S/MIME certificates. (T4847)
  • GnuPG: Added support for CardOS 5 Smartcards based on the D-Trust 3.1 card.
  • GnuPG: Support for rsaPSS signatures has been added. (T4538)
  • GnuPG: The "Quality" of a new passphrase is no longer incorrectly displayed. (T2103)
  • Kleopatra: Overwriting secret key exports now works correctly. (T4709)
  • Kleopatra: Fixed a case where file sign & encrypt dialogs would not be shown on high DPI systems. (T4819)
  • Kleopatra: The sorting of multiple tabs has been fixed.
  • Kleopatra: The minimal lenght of the Name has been reduced to better support non latin names. (T4745)
  • Kleopatra: The filename suggestion for key exports has been improved to avoid confusion between public and private key exports. (T4995)
  • Kleopatra: Authentication subkeys can now be exported in the OpenSSH format.
  • Kleopatra: Markup is now automatically removed when pasting into the notepad. (T4969)
  • Kleopatra: "updating..." as key validity is no longer displayed incorrectly when doing a keyserver search. (T4948)
  • Gpg4win: The file and URL connections with Kleopatra now properly split arguments and potential external data like filenames and the search query. This prevents a security issue where Kleopatra could be triggered to load a library from a filename provided through an unescaped URL.
GnuPG:           2.2.21
Kleopatra:       3.1.12
GPA:             0.10.0
GpgOL:           2.4.6
GpgEX:           1.0.6
Kompendium DE:   4.0.1
Compendium EN:   3.0.0

Explicit download of this version: gpg4win-3.1.12.exe

Version 3.1.11 released 2019-12-17

  • GpgOL: Improved compatibility with other clients for S/MIME e.g. the Outlook web interface. (T4543 T4525)
  • GpgOL: E-Mails which are too large to fully decrypt / verify on a Server with E-Mail size limits are now handled with a proper error. (T4731)
  • GpgOL / Kleopatra: The GnuPG-System config page can now be hidden.
  • GpgOL: There is now an additional configuration option to always show the security approval dialog, even with full automation.
  • GpgOL: E-Mails are no longer always classified as HTML.
  • GpgOL: Saving E-Mails as files now also works when the mail is opened in its own Window.
  • GpgOL: Fixed a rare case where GpgOL could crash when opening a Mail from the file system.
  • GpgOL: The security approval dialog now has additional info buttons to show extended information.
  • Kleopatra: The certify dialog has been reworked to be more user friendly and require less clicks. (T4649)
  • Kleopatra: New Feature "Search Tags": When certifying a user identity you can now add additional "Tags". Tags are shown which are made by any user that has full ceritification trust. They can be used to group or search keys by additional information. (T4734)
  • Kleopatra: There is now an error message when a key could not be found during file encryption.
  • Kleopatra: The Smartcard Management now also works for OpenPGP 3 cards e.g. newer Yubikeys.
  • GnuPG: Network access is now much faster if IPv6 is not available. (T4165)
  • GnuPG: Prepare against chosen-prefix SHA-1 collisions in key signatures. This change removes all SHA-1 based key signature newer than 2019-01-19 from the web-of-trust. Note that this includes all key signature created with DSA-1024 keys. The new option --allow-weak-key-signatues can be used to override the new and safer behaviour. (T4755, CVE-2019-14855)
  • GnuPG: Updated to Version 2.2.19. (See: https://gnupg.org for additional News.)
GnuPG:           2.2.19
Kleopatra:       3.1.11
GPA:             0.10.0
GpgOL:           2.4.4
GpgEX:           1.0.6
Kompendium DE:   4.0.1
Compendium EN:   3.0.0

Explicit download of this version: gpg4win-3.1.11.exe

Version 3.1.10 released 2019-07-14

  • GpgOL: Fixed a possible plaintext leak to the mail server, which could occur when opening and closing mails while the mail was also visible in the message list. (T4622 T4621)
  • GnuPG: Ignore all key-signatures received from keyservers. This change is required to mitigate a DoS due to keys flooded with faked key-signatures. The old behaviour can be achieved by adding keyserver-options no-self-sigs-only,no-import-clean to your gpg.conf. (T4607) See: https://wiki.gnupg.org/WKD for an alternative to the keyservers.
  • GnuPG: Updated to Version 2.2.17. (See: https://gnupg.org for News.)
GnuPG:           2.2.17
Kleopatra:       3.1.8
GPA:             0.10.0
GpgOL:           2.4.2
GpgEX:           1.0.6
Kompendium DE:   4.0.1
Compendium EN:   3.0.0

Explicit download of this version: gpg4win-3.1.10.exe

Version 3.1.9 released 2019-06-15

  • Kleopatra: Fixed autocompletion of recipients. (T4569)
  • GpgOL: Printing of crypto mails now fully works. (T4560)
  • GpgOL: File -> Save As does now work. (T4318)
GnuPG:           2.2.16
Kleopatra:       3.1.8
GPA:             0.10.0
GpgOL:           2.4.0
GpgEX:           1.0.6
Kompendium DE:   4.0.1
Compendium EN:   3.0.0

Explicit download of this version: gpg4win-3.1.9.exe

Version 3.1.8 released 2019-06-06

  • Kleopatra: The certificate view now has configurable columns and no longer looses state after a refresh. (T4557 T3888 T3604)
  • Kleopatra: The Dialog to add user-ids was improved and simplified. (T4139)
  • Kleopatra: A warning has been removed when searching for fingerprints and the suggested behavior automated. (T4164)
  • Kleopatra: The user-id certifications view has been improved to better show the state of the certifications. (T4458)
  • GpgOL: S/MIME certificates can now be placed similar to OpenPGP keys into the address book. (T4479)
  • GpgOL: A possible loss of attachments when forwarding crypto and non crypto mails has been fixed. (T4526)
  • GpgOL: It no longer can happen that attachments with a Content-ID are hidden even though they are not visible in the message body. (T4203)
  • GpgOL: Added Draft encryption as an optional and currently experimental feature. (T4388)
  • GpgOL: S/MIME Mails now use the same icons as Outlook to avoid user confusion. (T4558)
  • GpgOL: The internal format for S/MIME Messages has been changed to improve compatibility with other clients. (T4278 T4553)
  • GpgOL: Automatic encryption is no longer triggered for users without an S/MIME certificate if S/MIME is preferred. (T4483)
  • GpgOL: A possibility that S/MIME Mails were still handled by GpgOL even though S/MIME was disabled no longer exists. (T3935)
  • GpgOL: The security approval dialog has been improved and handles situations with multiple keys better. (T4559)
  • GpgOL: Several rare crashes have been fixed when memory debugging was enabled.
  • GpgOL: Now accepts some more broken mails from other clients. (T4552)
  • GpgOL, Kleopatra: A race condition that could lead to random hang-ups of the complete GnuPG system after using S/MIME has been fixed.
  • GnuPG: Updated to Version 2.2.16. (See: https://gnupg.org for News.)
GnuPG:           2.2.16
Kleopatra:       3.1.8
GPA:             0.10.0
GpgOL:           2.4.0
GpgEX:           1.0.6
Kompendium DE:   4.0.1
Compendium EN:   3.0.0

Explicit download of this version: gpg4win-3.1.8.exe

Version 3.1.7 released 2019-03-28

  • Kleopatra: Fixed a regression from 3.1.6 that broke secret key export, keyserver refresh and keyserver upload. (T4438)
  • GPA: Fixed regressions from 3.1.6 that could lead to crashes. (T4440 T4439)
GnuPG:           2.2.15
Kleopatra:       3.1.7
GPA:             0.10.0
GpgOL:           2.3.3
GpgEX:           1.0.6
Kompendium DE:   4.0.1
Compendium EN:   3.0.0

Explicit download of this version: gpg4win-3.1.7.exe

Version 3.1.6 released 2019-03-27

  • Kleopatra: An issue has been fixed that could cause Kleopatra to generate broken TAR archives. (T4332) If you are affected see: https://wiki.gnupg.org/TroubleShooting#Restoring_corrupted_Archives_created_by_Kleopatra
  • Kleopatra: When importing from X509 directory services trusted-certs from dirmngr are also used. (T4266)
  • Kleopatra: Secret key backup has been simplified. (T4089)
  • Kleopatra: It is now possible to generate keys without signing capability. (T4373)
  • Kleopatra: Startup time has been slightly improved.
  • Kleopatra: Generating keys on OpenPGP Smartcards works again. (T4428)
  • Kleopatra: Shows the embedded, encrypted, file name if it differs from the actual file name. (T4390)
  • Kleopatra, GnuPG: Can now directly import secret keys exported from Symantec PGP Desktop. (T4392)
  • Pinentry: A problem preventing pinentry from starting in some minimal installations has been fixed. (T4347)
  • GPA: An error when generating new keys has been fixed. (T4265)
  • GpgOL: The context menu of a crypto mail now offers to permanently decrypt a message. (T3895)
  • GpgOL: Forwarding sent crypto mails works now. (T4321)
  • GpgOL: S/MIME Mail detection has been improved. Especially when sending from exchange to exchange. (T4262 T3935)
  • GpgOL: Now shows diagnostics in case sign/encrypt failed (T4435)
  • GpgOL: A crash when memory debugging was enabled has been fixed. (T4262)
  • GpgOL: With the new option "Import any keys included in mails" GpgOL can now automatically import keys from mail headers and attachments. (T4432)
  • GpgOL: The option to automatically toggle secure can now be modified to do this even if the keys are untrusted. (T4432)
  • GpgOL: An encrypted subject (e.g. from Enigmail) is now shown after decryption. (T4433)
  • GpgOL: Now uses descriptive names for OpenPGP MIME parts. (T4258)
  • GpgOL: Now provides a minimal API for other Addins or Programs to work with crypto mails which GpgOL would otherwise lock. (T4241)
  • GpgOL: There is now a warning in case GpgOL can't represent an Outlook internal attachment format, like for an Event. (T4184)
  • GnuPG: An issue that could cause dirmngr not to launch on some systems has been fixed. (T3381)
  • GnuPG: Updated to Version 2.2.15. (See: https://gnupg.org for News.)
GnuPG:           2.2.15
Kleopatra:       3.1.6
GPA:             0.10.0
GpgOL:           2.3.3
GpgEX:           1.0.6
Kompendium DE:   4.0.1
Compendium EN:   3.0.0

Explicit download of this version: gpg4win-3.1.6.exe

Version 3.1.5 released 2018-11-13

  • GpgOL: Random misbehavior (crashes, freezes, etc.) after working with S/MIME has been fixed. (T4111)
  • GpgOL: It is now possible to create a system wide default configuration. (T4204)
  • GpgOL: Fixed encoding problems with unusual charsets. (T4156)
  • GpgOL: Disabling data debugging removes more data from debug logs. (T4193)
  • GpgOL: The internal access to key data is now faster. This fixes issues with automatic key resolution. (T4218)
  • GpgOL: Emails in Junk folders can now be moved and are marked. (T4188)
  • GpgOL: The question to save changes no longer appears when using the File menu. (T4236)
  • Kleopatra: Random misbehavior (crashes, freezes, etc.) after working with S/MIME has been fixed. (T4111)
  • Kleopatra: Improved CRL cache operations. (T3967)
  • GnuPG: Updated to version 2.2.11 (See: https://lists.gnupg.org/pipermail/gnupg-announce/2018q4/000432.html )
GnuPG:           2.2.11
Kleopatra:       3.1.4
GPA:             0.10.0
GpgOL:           2.3.2
GpgEX:           1.0.6
Kompendium DE:   4.0.1
Compendium EN:   3.0.0

Explicit download of this version: gpg4win-3.1.5.exe

Version 3.1.4 released 2018-10-17

  • GpgOL: It is now possible to configure OpenPGP keys through Outlook contacts. (T4122)
  • GpgOL: For improved security the signers email is now shown in the trusted sender category. (T4183)
  • GpgOL: Fixed the error: "Failed to resolve recipients." occurring too often. (T4132 T4129)
  • GpgOL: A problem that could prevent mails with Microsoft Office files as attachments from beeing secured has been fixed. (T4131)
  • GpgOL: Debugging has been improved and is now configurable in the config dialog. (T4120 T4121)
  • GpgOL: It is now possible to generally prefer S/MIME. (T4178)
  • GpgOL: A problem that caused attachments to be hidden in unusually structured emails has been fixed. (T4161)
  • GpgOL: A crash when viewing mails in unknown codepages has been fixed. (T4141)
  • GpgOL: It is now possible to automatically import X509 certificates for S/MIME from configured directory services. (T4174)
  • GpgOL: Various smaller bugfixes.
  • GPA: Search now also queries Web Key Directories.
  • GPA: Improved error handling with diagnostic output.
GnuPG:           2.2.10
Kleopatra:       3.1.3
GPA:             0.10.0
GpgOL:           2.3.1
GpgEX:           1.0.6
Kompendium DE:   4.0.1
Compendium EN:   3.0.0

Explicit download of this version: gpg4win-3.1.4.exe

Version 3.1.3 released 2018-08-31

  • GpgOL: It is now possible to move crypto mails while they are open. (T3459)
  • GpgOL: Messages are automatically secured if certified keys / certificates can be found for each recipient. This can be turned off with the option "Automatically secure messages". (T3999)
  • GpgOL: Support for distribution lists has been added. (T4065)
  • GpgOL: S/MIME can now be preferred when automatically resolving recipients. (T3961)
  • GpgOL: Encryption should no longer cause Outlook to freeze. (T3838)
  • GpgOL: Mails moved by Outlook folder rules are now handled by GpgOL. (T4070)
  • GpgOL: The config dialog was changed to improve future extensibility. (T3961)
  • GpgOL: Fixed various memory errors and stability problems.
  • GpgOL: Verifying mails a second time is now much faster.
  • GpgOL: Crashes related to filenames of attachments have been fixed. (T4062 T4032)
  • GpgOL: An error has been fixed which could lead to attachments not beeing displayed.
  • GpgOL: Sent on behalf of is now respected when verifying a signature. (T4110)
  • Kleopatra: Now offers diagnostic information in case of file decryption errors.
  • Kleopatra: Support for NetKey v3 Smartcards has been improved. (T4080)
  • Kleopatra: Decryption errors caused by missing integrity protection (MDC) are now handled properly. (T4038)
  • Kleopatra: Update check can now be disabled more easily. (T4043)
  • Kleopatra: Special characters in GnuPG output should be displayed correctly. (T2983)
  • Kleopatra: p7m and p7s files are now also registered to be opened with Kleopatra. (T3890)
  • Kleopatra: Various minor improvements. (T3238 T4078 T3229 T4041)
  • Installer: Silent install now correctly closes running Gpg4win applications. (T4051)
  • Installer: New optional module "Browser Integration" to register GnuPG as backend for Mailvelope 3.0.
  • GnuPG: The dirmngr process no longer requests Windows firewall access. (T3610)
  • GnuPG: S/MIME data is now handled faster. (T4069)
  • GnuPG: Updated to 2.2.10 (See: https://lists.gnupg.org/pipermail/gnupg-announce/2018q3/000428.html )
GnuPG:           2.2.10
Kleopatra:       3.1.3
GPA:             0.9.10
GpgOL:           2.3.0
GpgEX:           1.0.6
Kompendium DE:   4.0.1
Compendium EN:   3.0.0

Explicit download of this version: gpg4win-3.1.3.exe

Version 3.1.2 released 2018-06-17

  • GpgOL: Removed support for Outlook 2003 and 2007. (T3984)
  • GpgOL: Unsigned S/MIME mails are now treated more restrictive. (T3986)
  • GpgOL: Replies to unencrypted no-mime mails no longer only display quoted contents. (T3964)
  • GpgOL: Handling of special characters in no-mime mails has been improved. (T3975)
  • GpgOL: Added dutch and ukrainian translations.
  • GpgOL: Additional crashes habe been fixed. (T3946)
  • GpgOL: The resolution of ambigous recipients has been improved. (T3978)
  • Kleopatra: Small usability improvements.
  • GnuPG: Update to version 2.2.8 (CVE-2018-0495 CVE-2018-12020) (See: https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000425.html )
GnuPG:           2.2.8
Kleopatra:       3.1.2
GPA:             0.9.10
GpgOL:           2.2.0
GpgEX:           1.0.6
Kompendium DE:   4.0.1
Compendium EN:   3.0.0

Explicit download of this version: gpg4win-3.1.2.exe

Version 3.1.1 released 2018-05-03

  • General: An issue was fixed, which could lead to "Invalid crypto engine" errors. (T3919)
  • S/MIME: An issue was fixed, which could prevent successful CRL checks. (T3923)
  • S/MIME: OCSP certificate checks can now be combined with CRL checks.
  • S/MIME: Certificate search on LDAP Servers works again. (T3937)
  • Kleopatra: Activating a profile no longer requires a restart of the affected components.
  • GpgOL: Improved error handling for encryption and decryption.
  • GpgOL: A possible crash when editing recipients has been fixed. (T3931)
  • GpgOL: The automatic recipient resolution has been improved. Among other things it now properly handles S/MIME as a fallback. (T3929)
  • GpgOL: The context menu of crypto mails now has the option to directly print the decrypted content. (T3762)
  • GnuPG: Update to version 2.2.7 (See: https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000424.html )
GnuPG:           2.2.7
Kleopatra:       3.1.1
GPA:             0.9.10
GpgOL:           2.1.1
GpgEX:           1.0.6
Kompendium DE:   4.0.1
Compendium EN:   3.0.0

Explicit download of this version: gpg4win-3.1.1.exe

Version 3.1.0 released 2018-04-13

  • Kleopatra: now offers a text editor for text based crypto. (T3743)
  • Kleopatra: The extended certificate selection now offers import. (T3744)
  • Kleopatra: A crash when verifiying a detached signature has been fixed. (T3761)
  • Kleopatra: The advanced key generation now offers curve 25519. (T3826)
  • Kleopatra: Certificate details have been improved.
  • Kleopatra: Decrypting / verifiying multiple files at once has been fixed. (KDE-Bug: 391222)
  • Kleopatra: Serveral issues have been fixed, which occurred, if the Appdata directory was redirected to an UNC path. (T3818)
  • Kleopatra: Multiple minor improvements. (T3845 T3846 T3776 T3723 T3849 T3850 T3865 T3868)
  • GpgOL: Cryptographic functions are now called directly from GpgOL, without using Kleopatra. This fixes several problems caused by communication issues between Kleopatra and GpgOL. (T3509)
  • GpgOL: PGP/Inline (i.e. non-MIME) is now supported for sign and encrypt. This helps with compatibility problems like T3545.
  • GpgOL: Another problem which could cause decrypted mails not to be displayed is fixed. (T3789)
  • GpgOL: Outlook should no longer loose focus after encrypting a mail. (T3732)
  • GpgOL: Basic support for Web Key publishing has been added. (T3785)
  • GpgOL: Additional mail types are now supported when reading. (T3802 T3882)
  • GpgOL: The handling of Exchange Mail addresses was improved. (T3082)
  • GpgOL: A problem that could cause mails to be stuck in the outbox has been fixed. (T3812)
  • GpgOL: Now trys harder to fixup broken PGP/Inline (no-MIME) Messages. (T3821)
  • GpgOL: Forwarding of encrypted / signed mails with attachments is now supported. (T3836)
  • GpgOL: S/MIME is supported again with the last version of Exchange 2016. (T3853)
  • GpgOL: Re-Sending crypto mails is now supported. (T3884)
  • GpgOL: A problem that could lead to strange numbering of attachments was resolved. (T3886)
  • GnuPG: A rare problem that could lead to "General Error" messages after a fresh install of Gpg4win has been fixed. (T3839)
  • GnuPG: Updated to version 2.2.6. (See: https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000421.html )
GnuPG:           2.2.6
Kleopatra:       3.1.0
GPA:             0.9.10
GpgOL:           2.1.0
GpgEX:           1.0.6
Kompendium DE:   4.0.1
Compendium EN:   3.0.0

Explicit download of this version: gpg4win-3.1.0.exe

Version 3.0.3 released 2018-01-12

  • GnuPG: Updated to 2.2.4.
  • GpgOL: A bug that caused drafted mails not to encrypt the correct content has been fixed. (T3419)
  • GpgOL: A bug that caused encrypted mails not to be displayed has been fixed. (T3537)
  • GpgOL: A bug that caused sending unencrypted mails when Outlooks internal S/MIME code was activated has been fixed. (T3656)
  • GpgOL: PGP/Inline (no-mime) sending is now compatible with Microsoft Exchange Online. (T3662)
  • GpgOL: The recipient lookup for Exchange addresses has been improved.
  • GpgOL: Signatures of signed only mails with attachments have been fixed. (T3735)
  • GpgEX: An internal error when trying to verify a non-signature file has been fixed. (T3658)
  • Kleopatra: Sorting in Keylist has been fixed. (T3603)
  • Kleopatra: Certificate details for S/MIME certificates have been improved. (T3611, T3727, T3726)
  • Kleopatra: Certificates can now be exported as text from the certificate details. (T3605)
  • Kleopatra: The usage of the temp directory to buffer decrypted data is now configurable. (T3602)
  • Installer: The installer no longer reinstalls desktop shortcuts on upgrade. (T3729)
GnuPG:           2.2.4
Kleopatra:       3.0.2
GPA:             0.9.10
GpgOL:           2.0.6
GpgEX:           1.0.5
Kompendium DE:   4.0.0
Compendium EN:   3.0.0

Explicit download of this version: gpg4win-3.0.3.exe

Version 3.0.2 released 2017-12-08

  • GnuPG: Two issues have been fixed that could block the GnuPG system. (T3378)
  • GpgOL: More possible "random" crashes caused by GpgOL have been fixed. (T3484)
  • GpgOL: Outlook is no longer blocked when selecting many mails. (T3433)
  • GpgOL: G Suite Sync plugin accounts are now detected. Only sending No-MIME PGP/Messages (without attachments) and unsigned messages are supported. Reading crypto mail is fully supported. (T3545)
  • GpgOL: The option to send "No-MIME" (inline) PGP encrypted, unsigned text messages without attachments works again. (T3514)
  • GpgOL: Improved error handling for signed, unencrypted mails. (T3538)
  • GpgOL: Several performance improvements.
  • GpgOL: Improved detection of large PGP/MIME messages and MS-TNEF crypto messages. (T3419 , T3542)
  • Kleopatra: Passphrase entry is no longer opened behind Kleopatra windows. (T3460)
  • Kleopatra: Decrypting archives across partitions has been fixed. (T3547)
  • Kleopatra: Fixed possible crash in GpgOL certificate selection. (T3544)
  • Kleopatra: Preselection of encrypt / sign file actions from GpgEX works again. (T3543)
  • Kleopatra: Added Web Key Directory lookup support in file encryption dialog. (T3548)
  • Kleopatra: Fixed crash when searching in LDAP. (T3550)
  • Kleopatra: Fixed crash when aborting key generation. (T3577)
  • Kleopatra: Certifications are accessible again from the certificate details view. (T3579)
  • Kleopatra: It is now possible to publicly certify an already locally signed certificate. (T1649)
GnuPG:           2.2.3
Kleopatra:       3.0.1
GPA:             0.9.9
GpgOL:           2.0.5
GpgEX:           1.0.5
Kompendium DE:   4.0.0
Compendium EN:   3.0.0

Explicit download of this version: gpg4win-3.0.2.exe

Version 3.0.1 released 2017-11-21

  • GpgOL: A cause for seemingly random crashes in Outlook has been fixed.
  • GpgOL: A crash when pasting recipients has been fixed.
  • GpgOL: Various problems regarding S/MIME mails have been fixed.
  • GpgOL: A user interface error for Outlook 2010 has been fixed.
  • GpgOL: Kleopatra is again started in the background to speed up crypto operations.
  • Kleopatra: Various problems regarding S/MIME file operations have been fixed.
  • Kleopatra: Various problems regarding folder operations and archives have been fixed.
  • GnuPG: Has been updated to version 2.2.3.
  • Some small bugfixes and improvements.
  • The mkportable process can be used again to create a portable Gpg4win variant.
GnuPG:           2.2.3
Kleopatra:       3.0.1
GPA:             0.9.9
GpgOL:           2.0.3
GpgEX:           1.0.5
Kompendium DE:   4.0.0
Compendium EN:   3.0.0

Explicit download of this version: gpg4win-3.0.1.exe

Version 3.0.0 released 2017-09-19

  • German Compendium is now Updated to Version 4.0. It is adjusted to the changes made in Gpg4win 3.0
  • GnuPG is now of the modern 2.2 variant. See: https://lists.gnupg.org/pipermail/gnupg-announce/2017q3/000413.html for more information about this.
  • GpgOL is now also supported for Outlook 64 bit.
  • GpgOL for Outlook 2010 and later now uses toggle buttons to let you select Encrypt and Sign. The operations are done when the mail is sent, including all attachments, using a standard format (MIME).
  • GpgOL for Outlook 2010 and later now automatically decrypts emails again.
  • All 68 KDE translations for Kleopatra are now included in Gpg4win.
  • Kleopatra uses an updated icon theme.
  • Kleopatra now shows the used curve in for ECC keys under technical details.
  • Kleopatra has been updated to a new set of base libraries.
  • Binaries are now all installed in a bin sub-directory. DBus and kbuildsycoa are no longer required. This fixes the startup issues of Kleopatra some users were facing.
  • After importing a secret key in Kleopatra you will be asked to directly mark it as your own key (ownertrust).
  • Kleopatra now allows you to create ECC keys in the Advanced Settings during Key generation.
  • Kleopatras file menu now also offers to encrypt folders.
  • Kleopatra has a new option to print a secret key through the paperkey tool.
  • GPA and Kleopatra are now registred for OpenPGP and S/MIME related file extensions.
  • The file encryption dialog in Kleopatra has been redesigned to reduce steps and improve user experience.
  • Kleopatra automatically detects the type of an input file and automatically starts the corresponding action (e.g. decrypt).
  • Symmetric (password only) encryption is now accessible through Kleopatra and can be combined with public-key encryption.
  • Pinentry now enables you to inspect the typed passphrase.
  • Kleopatra now supports OpenPGP Smartcards management.
  • GpgOL for Outlook 2010 and later has a new interface to show the signature / encryption state inside of Outlook.
  • GnuPG now supports https and uses the https sks-keyserver pool by default.
  • GpgOL now supports sending and receiving HTML Mails
  • Kleopatra has improved file verification messages.
  • Kleopatra now supports to directly import missing certificates when verifying a file.
  • Many bugfixes and minor improvements.
GnuPG:           2.2.1
Kleopatra:       3.0.0
GPA:             0.9.9
GpgOL:           2.0.1
GpgEX:           1.0.5
Kompendium DE:   4.0.0
Kompendium EN:   3.0.0

Explicit download of this version: gpg4win-3.0.0.exe

Version 2.3.4 released 2017-07-06

  • The cryptography library libgcrypt has been updated to version 1.7.8 to include a fix for a side channel attack. [CVE-2017-7526] Details: https://lists.gnupg.org/pipermail/gnupg-announce/2017q2/000408.html
  • Support libraries have been updated.
  • GPA was updated to 0.9.10. This includes a fix for file handling with filenames containing special characters.
GnuPG:           2.0.30
Kleopatra:       2.2.0-gitfb4ae3d
GPA:             0.9.10
GpgOL:           1.4.0
GpgEX:           1.0.4
Kompendium DE:   3.0.0
Kompendium EN:   3.0.0

Explicit download of this version: gpg4win-2.3.4.exe

Version 2.3.3 released 2016-08-18

  • The cryptography library libgcrypt has been updated to version 1.6.6 to include a fix a problem with the random number generator. [CVE-2016-6313] Details: https://lists.gnupg.org/pipermail/gnupg-announce/2016q3/000395.html
GnuPG:           2.0.30
Kleopatra:       2.2.0-gitfb4ae3d
GPA:             0.9.9
GpgOL:           1.4.0
GpgEX:           1.0.4
Kompendium DE:   3.0.0
Kompendium EN:   3.0.0

Explicit download of this version: gpg4win-2.3.3.exe

Version 2.3.2 released 2016-07-05

  • When S/MIME is disabled in GpgOL it now also ignores sent mails.
  • Problems causing the start of Kleopatra and GPA from GpgEX and GpgOL have been fixed.
  • Various regressions in 2.3.1 are now again fixed.
GnuPG:           2.0.30
Kleopatra:       2.2.0-gitfb4ae3d
GPA:             0.9.9
GpgOL:           1.4.0
GpgEX:           1.0.4
Kompendium DE:   3.0.0
Kompendium EN:   3.0.0

Explicit download of this version: gpg4win-2.3.2.exe

Version 2.3.1 released 2016-04-05

  • GpgOL now has an option dialog where S/MIME can be disabled.
  • GpgOL now supports the 64 Bit version of Microsoft Outlook.
  • GpgOL can be switched to the new, experimental, MIME aware behavior in the Options Dialog.
  • GpgOL now reverts temporary changes made to MIME mails. So that they can be opened with other clients again.
  • GpgEX no longer blocks the Windows Explorer while it starts GPA or Kleopatra.
GnuPG:           2.0.30
Kleopatra:       2.2.0-gitfb4ae3d
GPA:             0.9.9
GpgOL:           1.4.0
GpgEX:           1.0.4
Kompendium DE:   3.0.0
Kompendium EN:   3.0.0

Explicit download of this version: gpg4win-2.3.1.exe

Version 2.3.0 released 2015-11-25

  • GpgOL now supports reading PGP/MIME and S/MIME mails, the standard format for Crypto Mails as sent by Thunderbird/Enigmail, GPGMail or KMail. For details see: https://wiki.gnupg.org/GpgOL/MIMESupport
  • GpgOL now supports Outlook 2016.
  • AES-NI Instructions for faster encryption and decryption with AES are now supported. (GnuPG Bug #1919)
  • The decrypt/verify window of GpgOL no longer moves and resizes erratically. (KDE Bug #355140)
  • Bulk import of more then a hundred keys no longer fails when Kleopatra is running. (GnuPG Bug #2135)
  • French and Chinese localisation has been added to the installer, GpgEX and GpgOL. Thanks to Oliver Serve and Mingye Wang.
  • Several apparently random crashes in GpgOL have been fixed (GnuPG Bug #1837)
  • GpgOL now handles attachments in PGP/MIME and S/MIME mails with non ASCII characters in the filename correctly.
  • A vulnerability in the Gpg4win-installer has been fixed. See: [security advisory 2015-11-25] for details.
GnuPG:           2.0.29
Kleopatra:       2.2.0-gitfb4ae3d
GPA:             0.9.9
GpgOL:           1.3.0
GpgEX:           1.0.3
Kompendium DE:   3.0.0
Kompendium EN:   3.0.0

Explicit download of this version: gpg4win-2.3.0.exe

Version 2.2.6 released 2015-09-09

  • Claws Mail has been removed from the package. Users of Claws Mail should switch to the version maintained by the Claws Mail initiative available on: http://www.claws-mail.org/win32/
  • GnuPG has been updated to Version 2.0.29.
  • X509 Certificate requests can now again generated with default options.
  • GPA has been updated to Version 0.9.9.
GnuPG:           2.0.29
Kleopatra:       2.2.0-gitcf609810
GPA:             0.9.9
GpgOL:           1.2.1
GpgEX:           1.0.2
Kompendium DE:   3.0.0
Kompendium EN:   3.0.0

Explicit download of this version: gpg4win-2.2.6.exe

Version 2.2.5 released 2015-07-10

  • GnuPG has been updated to version 2.0.28. See release notes on www.gnupg.org for details.
  • A potential crash during certificate search has been fixed.
  • Kleopatra no longer queries revocation information for X509 certificates during startup. This will drastically improve the startup time for some users. Revocation information is still checked once a certificate is used.
  • Kleopatra now uses the same defaults as GnuPG for new OpenPGP certificates.
  • Third party libraries included in Gpg4win have been updated.
GnuPG:           2.0.28
Kleopatra:       2.2.0-gita3c9200
GPA:             0.9.7
GpgOL:           1.2.1
GpgEX:           1.0.2
Claws-Mail:      3.9.1
Kompendium DE:   3.0.0
Kompendium EN:   3.0.0

Explicit download of this version: gpg4win-2.2.5.exe

Version 2.2.4 released 2015-03-17

  • GnuPG has been updated to version 2.0.27. See release notes on www.gnupg.org for details.
  • Libgcrypt has been updated to version 1.6.3 (includes fix for CVE-2014-3591)
  • An issue has been fixed which could cause extracted files from TAR Archives to be truncated.
GnuPG:           2.0.27
Kleopatra:       2.2.0-git945878c
GPA:             0.9.7
GpgOL:           1.2.1
GpgEX:           1.0.1
Claws-Mail:      3.9.1
Kompendium DE:   3.0.0
Kompendium EN:   3.0.0

Explicit download of this version: gpg4win-2.2.4.exe

Version 2.2.3 released 2014-11-25

  • The vanilla installer has been fixed by including GnuTLS.
  • Creation of portable versions with mkportable has been fixed.
  • GPA now works again under Windows XP.
  • Verification of a detached signature without specifying what should be verified may now show a warning and has been disabled in batch mode.
  • Tar archives can now include files and folders that use special characters (e.g. umlauts) which can be encoded in the native Windows 8-Bit codepage.
  • Kleopatra now handles preprocessing (e.g. archiving) errors and safely aborts the operation.
  • GPA has been updated to version 0.9.6.
  • A security problem in the libksba library has been fixed.
GnuPG:           2.0.26
Kleopatra:       2.2.0-git945878c
GPA:             0.9.6
GpgOL:           1.2.1
GpgEX:           1.0.1
Claws-Mail:      3.9.1
Kompendium DE:   3.0.0
Kompendium EN:   3.0.0

Explicit download of this version: gpg4win-2.2.3.exe

Version 2.2.2 released 2014-09-03

  • GnuPG has been updated to version 2.0.26. See release notes on www.gnupg.org for details.
  • Sreen reader support and accessibility of Kleopatra was improved.
  • A library load problem has been fixed that could keep Kleopatra from starting on some systems.
  • Kleopatra has been updated to KDE Sofware Collection 4.14.
  • Used libraries have been updated to their latest stable relase.
  • GpgEX no longer crashes if the environment variable GNUPGHOME is set.
  • Pinentry-qt warning and confirmation dialogs should now open always in foreground.
  • Problems with Outlook sender and recipient address lookup have been fixed in GpgOL. Especially for Microsoft Exchange addresses.
  • Command line output is encoded to the Windows console encoding.
  • The pinentry dialog is now translated correctly in the French locale.
  • Command line wildcards (like *.txt) work again.
GnuPG:           2.0.26
Kleopatra:       2.2.0-gitac229d2
GPA:             0.9.4
GpgOL:           1.2.1
GpgEX:           1.0.1
Claws-Mail:      3.9.1
Kompendium DE:   3.0.0
Kompendium EN:   3.0.0

Explicit download of this version: gpg4win-2.2.2.exe

Version 2.2.1 released 2013-10-08

  • Fixed possible infinite recursion in the compressed packet parser. [CVE-2013-4402]
  • Kleopatra no longer crashes when using Microsoft Office IME.
  • Support for SPR332 and 532 pinpads.
GnuPG:           2.0.22
Kleopatra:       2.2.0
GPA:             0.9.4
GpgOL:           1.2.0
GpgEX:           1.0.0
Claws-Mail:      3.9.1
Kompendium DE:   3.0.0
Kompendium EN:   3.0.0

Explicit download of this version: gpg4win-2.2.1.exe

Version 2.2.0 released 2013-08-20

  • GpgEx now works on Windows 64 bit.
  • Gpg-agent may now be used as Pageant (PuTTY authentication agent) replacement with additional smartcard support.
  • Pinentry now allows to paste in the passphrase.
  • Kleopatra no longer crashes when started by a regular user on terminal servers (Windows Server).
  • GpgOL provides rudimentary support for Outlook 2010 and 2013. The following crypto functions are already available via the new GpgOL ribbon rsp. Outlook's context menu (no MIME parsing, yet): - Encrypting/decrypting mail bodys - Saving and decrypting attachments - Attaching and encrypting files - Signing and signature verification (of opaque signatures)
  • Extracting a tarball through the Kleopatra GUI now works reliable
  • Added mkportable.exe as a tool to create a portable installation.
  • Kleopatra now allows it to generate keys with a size up to 4096 bit.
GnuPG:           2.0.21
Kleopatra:       2.2.0
GPA:             0.9.4
GpgOL:           1.2.0
GpgEX:           1.0.0
Claws-Mail:      3.9.1
Kompendium DE:   3.0.0
Kompendium EN:   3.0.0

Explicit download of this version: gpg4win-2.2.0.exe

Version 2.1.1 released 2013-05-28

  • New versions of GnuPG, GpgOL, GPA, Kleopatra, and Claws-Mail.
  • Development files for the crypto libraries will now be installed.
GnuPG:           2.0.20
Kleopatra:       2.1.1
GPA:             0.9.4
GpgOL:           1.1.3
GpgEX:           0.9.7
Claws-Mail:      3.9.1
Kompendium DE:   3.0.0
Kompendium EN:   3.0.0-beta1

Explicit download of this version: gpg4win-2.1.1.exe

Version 2.1.0 released 2011-03-15

  • New versions of GnuPG, Kleopatra, GpgEX, GpgOL, Claws.
GnuPG:           2.0.17
Kleopatra:       2.1.0 (2011-02-04)
GPA:             0.9.1-svn1024
GpgOL:           1.1.2
GpgEX:           0.9.7
Claws-Mail:      3.7.8cvs47
Kompendium DE:   3.0.0
Kompendium EN:   3.0.0-beta1

Explicit download of this version: gpg4win-2.1.0.exe

Version 2.0.4 released 2010-07-28

  • GpgSM bug fix.
GnuPG:         2.0.14 + 02-gpgsm-realloc-bug.patch
Kleopatra:     2.0.14-svn1098530 (20100303)
GPA:           0.9.0
GpgOL:         1.1.1
GpgEX:         0.9.5
Claws-Mail:    3.7.4cvs1
Kompendium:    3.0.0

Explicit download of this version: gpg4win-2.0.4.exe

Version 2.0.3 released 2010-05-29

  • Bug fixes.
GnuPG:         2.0.14
Kleopatra:     2.0.14-svn1098530 (20100303)
GPA:           0.9.0
GpgOL:         1.1.1
GpgEX:         0.9.5
Claws-Mail:    3.7.4cvs1
Kompendium:    3.0.0

Explicit download of this version: gpg4win-2.0.3.exe

Version 2.0.2 released 2010-04-12

  • Bug fixes and UI improvements.
GnuPG:         2.0.14
Kleopatra:     2.0.14-svn1098530 (20100303)
GPA:           0.9.0
GpgOL:         1.1.1
GpgEX:         0.9.5
Claws-Mail:    3.7.4cvs1
Kompendium:    3.0.0-rc1

Explicit download of this version: gpg4win-2.0.2.exe

Version 2.0.1 released 2009-09-28

  • Fixed a problem opening Office documents and URLs with a running GpgOL.
GnuPG:         2.0.12
Kleopatra:     2.0.11-svn1008232 (2009-09-25)
GPA:           0.9.0
GpgOL:         1.0.1
GpgEX:         0.9.3
Claws-Mail:    3.7.2cvs27
Kompendium:    3.0.0-beta4

Explicit download of this version: gpg4win-2.0.1.exe

Version 2.0.0 released 2009-08-07

  • First production release of this major redesign. Over the last 15 months we did 15 beta releases and hopefully squashed most of the serious bugs.
GnuPG:         2.0.12
Kleopatra:     20090807
GPA:           0.9.0
GpgOL:         1.0.0
GpgEX:         0.9.3
Claws-Mail:    3.7.2
Kompendium:    3.0.0-beta3

Explicit download of this version: gpg4win-2.0.0.exe